00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025
00026
00027
00028
00029
00030
00031
00032 #include "polarssl/config.h"
00033
00034 #if defined(POLARSSL_SSL_TLS_C)
00035
00036 #include "polarssl/aes.h"
00037 #include "polarssl/arc4.h"
00038 #include "polarssl/camellia.h"
00039 #include "polarssl/des.h"
00040 #include "polarssl/debug.h"
00041 #include "polarssl/ssl.h"
00042
00043 #include <string.h>
00044 #include <stdlib.h>
00045 #include <time.h>
00046
00047
00048
00049
00050 static int tls1_prf( unsigned char *secret, int slen, char *label,
00051 unsigned char *random, int rlen,
00052 unsigned char *dstbuf, int dlen )
00053 {
00054 int nb, hs;
00055 int i, j, k;
00056 unsigned char *S1, *S2;
00057 unsigned char tmp[128];
00058 unsigned char h_i[20];
00059
00060 if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
00061 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
00062
00063 hs = ( slen + 1 ) / 2;
00064 S1 = secret;
00065 S2 = secret + slen - hs;
00066
00067 nb = strlen( label );
00068 memcpy( tmp + 20, label, nb );
00069 memcpy( tmp + 20 + nb, random, rlen );
00070 nb += rlen;
00071
00072
00073
00074
00075 md5_hmac( S1, hs, tmp + 20, nb, 4 + tmp );
00076
00077 for( i = 0; i < dlen; i += 16 )
00078 {
00079 md5_hmac( S1, hs, 4 + tmp, 16 + nb, h_i );
00080 md5_hmac( S1, hs, 4 + tmp, 16, 4 + tmp );
00081
00082 k = ( i + 16 > dlen ) ? dlen % 16 : 16;
00083
00084 for( j = 0; j < k; j++ )
00085 dstbuf[i + j] = h_i[j];
00086 }
00087
00088
00089
00090
00091 sha1_hmac( S2, hs, tmp + 20, nb, tmp );
00092
00093 for( i = 0; i < dlen; i += 20 )
00094 {
00095 sha1_hmac( S2, hs, tmp, 20 + nb, h_i );
00096 sha1_hmac( S2, hs, tmp, 20, tmp );
00097
00098 k = ( i + 20 > dlen ) ? dlen % 20 : 20;
00099
00100 for( j = 0; j < k; j++ )
00101 dstbuf[i + j] = (unsigned char)( dstbuf[i + j] ^ h_i[j] );
00102 }
00103
00104 memset( tmp, 0, sizeof( tmp ) );
00105 memset( h_i, 0, sizeof( h_i ) );
00106
00107 return( 0 );
00108 }
00109
00110 int ssl_derive_keys( ssl_context *ssl )
00111 {
00112 int i;
00113 md5_context md5;
00114 sha1_context sha1;
00115 unsigned char tmp[64];
00116 unsigned char padding[16];
00117 unsigned char sha1sum[20];
00118 unsigned char keyblk[256];
00119 unsigned char *key1;
00120 unsigned char *key2;
00121
00122 SSL_DEBUG_MSG( 2, ( "=> derive keys" ) );
00123
00124
00125
00126
00127
00128
00129
00130
00131
00132
00133
00134 if( ssl->resume == 0 )
00135 {
00136 int len = ssl->pmslen;
00137
00138 SSL_DEBUG_BUF( 3, "premaster secret", ssl->premaster, len );
00139
00140 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00141 {
00142 for( i = 0; i < 3; i++ )
00143 {
00144 memset( padding, 'A' + i, 1 + i );
00145
00146 sha1_starts( &sha1 );
00147 sha1_update( &sha1, padding, 1 + i );
00148 sha1_update( &sha1, ssl->premaster, len );
00149 sha1_update( &sha1, ssl->randbytes, 64 );
00150 sha1_finish( &sha1, sha1sum );
00151
00152 md5_starts( &md5 );
00153 md5_update( &md5, ssl->premaster, len );
00154 md5_update( &md5, sha1sum, 20 );
00155 md5_finish( &md5, ssl->session->master + i * 16 );
00156 }
00157 }
00158 else
00159 tls1_prf( ssl->premaster, len, "master secret",
00160 ssl->randbytes, 64, ssl->session->master, 48 );
00161
00162 memset( ssl->premaster, 0, sizeof( ssl->premaster ) );
00163 }
00164 else
00165 SSL_DEBUG_MSG( 3, ( "no premaster (session resumed)" ) );
00166
00167
00168
00169
00170 memcpy( tmp, ssl->randbytes, 64 );
00171 memcpy( ssl->randbytes, tmp + 32, 32 );
00172 memcpy( ssl->randbytes + 32, tmp, 32 );
00173 memset( tmp, 0, sizeof( tmp ) );
00174
00175
00176
00177
00178
00179
00180
00181
00182
00183
00184
00185
00186
00187 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00188 {
00189 for( i = 0; i < 16; i++ )
00190 {
00191 memset( padding, 'A' + i, 1 + i );
00192
00193 sha1_starts( &sha1 );
00194 sha1_update( &sha1, padding, 1 + i );
00195 sha1_update( &sha1, ssl->session->master, 48 );
00196 sha1_update( &sha1, ssl->randbytes, 64 );
00197 sha1_finish( &sha1, sha1sum );
00198
00199 md5_starts( &md5 );
00200 md5_update( &md5, ssl->session->master, 48 );
00201 md5_update( &md5, sha1sum, 20 );
00202 md5_finish( &md5, keyblk + i * 16 );
00203 }
00204
00205 memset( &md5, 0, sizeof( md5 ) );
00206 memset( &sha1, 0, sizeof( sha1 ) );
00207
00208 memset( padding, 0, sizeof( padding ) );
00209 memset( sha1sum, 0, sizeof( sha1sum ) );
00210 }
00211 else
00212 tls1_prf( ssl->session->master, 48, "key expansion",
00213 ssl->randbytes, 64, keyblk, 256 );
00214
00215 SSL_DEBUG_MSG( 3, ( "cipher = %s", ssl_get_cipher( ssl ) ) );
00216 SSL_DEBUG_BUF( 3, "master secret", ssl->session->master, 48 );
00217 SSL_DEBUG_BUF( 4, "random bytes", ssl->randbytes, 64 );
00218 SSL_DEBUG_BUF( 4, "key block", keyblk, 256 );
00219
00220 memset( ssl->randbytes, 0, sizeof( ssl->randbytes ) );
00221
00222
00223
00224
00225 switch( ssl->session->cipher )
00226 {
00227 #if defined(POLARSSL_ARC4_C)
00228 case SSL_RSA_RC4_128_MD5:
00229 ssl->keylen = 16; ssl->minlen = 16;
00230 ssl->ivlen = 0; ssl->maclen = 16;
00231 break;
00232
00233 case SSL_RSA_RC4_128_SHA:
00234 ssl->keylen = 16; ssl->minlen = 20;
00235 ssl->ivlen = 0; ssl->maclen = 20;
00236 break;
00237 #endif
00238
00239 #if defined(POLARSSL_DES_C)
00240 case SSL_RSA_DES_168_SHA:
00241 case SSL_EDH_RSA_DES_168_SHA:
00242 ssl->keylen = 24; ssl->minlen = 24;
00243 ssl->ivlen = 8; ssl->maclen = 20;
00244 break;
00245 #endif
00246
00247 #if defined(POLARSSL_AES_C)
00248 case SSL_RSA_AES_128_SHA:
00249 ssl->keylen = 16; ssl->minlen = 32;
00250 ssl->ivlen = 16; ssl->maclen = 20;
00251 break;
00252
00253 case SSL_RSA_AES_256_SHA:
00254 case SSL_EDH_RSA_AES_256_SHA:
00255 ssl->keylen = 32; ssl->minlen = 32;
00256 ssl->ivlen = 16; ssl->maclen = 20;
00257 break;
00258 #endif
00259
00260 #if defined(POLARSSL_CAMELLIA_C)
00261 case SSL_RSA_CAMELLIA_128_SHA:
00262 ssl->keylen = 16; ssl->minlen = 32;
00263 ssl->ivlen = 16; ssl->maclen = 20;
00264 break;
00265
00266 case SSL_RSA_CAMELLIA_256_SHA:
00267 case SSL_EDH_RSA_CAMELLIA_256_SHA:
00268 ssl->keylen = 32; ssl->minlen = 32;
00269 ssl->ivlen = 16; ssl->maclen = 20;
00270 break;
00271 #endif
00272
00273 default:
00274 SSL_DEBUG_MSG( 1, ( "cipher %s is not available",
00275 ssl_get_cipher( ssl ) ) );
00276 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00277 }
00278
00279 SSL_DEBUG_MSG( 3, ( "keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
00280 ssl->keylen, ssl->minlen, ssl->ivlen, ssl->maclen ) );
00281
00282
00283
00284
00285 if( ssl->endpoint == SSL_IS_CLIENT )
00286 {
00287 key1 = keyblk + ssl->maclen * 2;
00288 key2 = keyblk + ssl->maclen * 2 + ssl->keylen;
00289
00290 memcpy( ssl->mac_enc, keyblk, ssl->maclen );
00291 memcpy( ssl->mac_dec, keyblk + ssl->maclen, ssl->maclen );
00292
00293 memcpy( ssl->iv_enc, key2 + ssl->keylen, ssl->ivlen );
00294 memcpy( ssl->iv_dec, key2 + ssl->keylen + ssl->ivlen,
00295 ssl->ivlen );
00296 }
00297 else
00298 {
00299 key1 = keyblk + ssl->maclen * 2 + ssl->keylen;
00300 key2 = keyblk + ssl->maclen * 2;
00301
00302 memcpy( ssl->mac_dec, keyblk, ssl->maclen );
00303 memcpy( ssl->mac_enc, keyblk + ssl->maclen, ssl->maclen );
00304
00305 memcpy( ssl->iv_dec, key1 + ssl->keylen, ssl->ivlen );
00306 memcpy( ssl->iv_enc, key1 + ssl->keylen + ssl->ivlen,
00307 ssl->ivlen );
00308 }
00309
00310 switch( ssl->session->cipher )
00311 {
00312 #if defined(POLARSSL_ARC4_C)
00313 case SSL_RSA_RC4_128_MD5:
00314 case SSL_RSA_RC4_128_SHA:
00315 arc4_setup( (arc4_context *) ssl->ctx_enc, key1, ssl->keylen );
00316 arc4_setup( (arc4_context *) ssl->ctx_dec, key2, ssl->keylen );
00317 break;
00318 #endif
00319
00320 #if defined(POLARSSL_DES_C)
00321 case SSL_RSA_DES_168_SHA:
00322 case SSL_EDH_RSA_DES_168_SHA:
00323 des3_set3key_enc( (des3_context *) ssl->ctx_enc, key1 );
00324 des3_set3key_dec( (des3_context *) ssl->ctx_dec, key2 );
00325 break;
00326 #endif
00327
00328 #if defined(POLARSSL_AES_C)
00329 case SSL_RSA_AES_128_SHA:
00330 aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 128 );
00331 aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 128 );
00332 break;
00333
00334 case SSL_RSA_AES_256_SHA:
00335 case SSL_EDH_RSA_AES_256_SHA:
00336 aes_setkey_enc( (aes_context *) ssl->ctx_enc, key1, 256 );
00337 aes_setkey_dec( (aes_context *) ssl->ctx_dec, key2, 256 );
00338 break;
00339 #endif
00340
00341 #if defined(POLARSSL_CAMELLIA_C)
00342 case SSL_RSA_CAMELLIA_128_SHA:
00343 camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 128 );
00344 camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 128 );
00345 break;
00346
00347 case SSL_RSA_CAMELLIA_256_SHA:
00348 case SSL_EDH_RSA_CAMELLIA_256_SHA:
00349 camellia_setkey_enc( (camellia_context *) ssl->ctx_enc, key1, 256 );
00350 camellia_setkey_dec( (camellia_context *) ssl->ctx_dec, key2, 256 );
00351 break;
00352 #endif
00353
00354 default:
00355 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00356 }
00357
00358 memset( keyblk, 0, sizeof( keyblk ) );
00359
00360 SSL_DEBUG_MSG( 2, ( "<= derive keys" ) );
00361
00362 return( 0 );
00363 }
00364
00365 void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] )
00366 {
00367 md5_context md5;
00368 sha1_context sha1;
00369 unsigned char pad_1[48];
00370 unsigned char pad_2[48];
00371
00372 SSL_DEBUG_MSG( 2, ( "=> calc verify" ) );
00373
00374 memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) );
00375 memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) );
00376
00377 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00378 {
00379 memset( pad_1, 0x36, 48 );
00380 memset( pad_2, 0x5C, 48 );
00381
00382 md5_update( &md5, ssl->session->master, 48 );
00383 md5_update( &md5, pad_1, 48 );
00384 md5_finish( &md5, hash );
00385
00386 md5_starts( &md5 );
00387 md5_update( &md5, ssl->session->master, 48 );
00388 md5_update( &md5, pad_2, 48 );
00389 md5_update( &md5, hash, 16 );
00390 md5_finish( &md5, hash );
00391
00392 sha1_update( &sha1, ssl->session->master, 48 );
00393 sha1_update( &sha1, pad_1, 40 );
00394 sha1_finish( &sha1, hash + 16 );
00395
00396 sha1_starts( &sha1 );
00397 sha1_update( &sha1, ssl->session->master, 48 );
00398 sha1_update( &sha1, pad_2, 40 );
00399 sha1_update( &sha1, hash + 16, 20 );
00400 sha1_finish( &sha1, hash + 16 );
00401 }
00402 else
00403 {
00404 md5_finish( &md5, hash );
00405 sha1_finish( &sha1, hash + 16 );
00406 }
00407
00408 SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
00409 SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
00410
00411 return;
00412 }
00413
00414
00415
00416
00417 static void ssl_mac_md5( unsigned char *secret,
00418 unsigned char *buf, int len,
00419 unsigned char *ctr, int type )
00420 {
00421 unsigned char header[11];
00422 unsigned char padding[48];
00423 md5_context md5;
00424
00425 memcpy( header, ctr, 8 );
00426 header[ 8] = (unsigned char) type;
00427 header[ 9] = (unsigned char)( len >> 8 );
00428 header[10] = (unsigned char)( len );
00429
00430 memset( padding, 0x36, 48 );
00431 md5_starts( &md5 );
00432 md5_update( &md5, secret, 16 );
00433 md5_update( &md5, padding, 48 );
00434 md5_update( &md5, header, 11 );
00435 md5_update( &md5, buf, len );
00436 md5_finish( &md5, buf + len );
00437
00438 memset( padding, 0x5C, 48 );
00439 md5_starts( &md5 );
00440 md5_update( &md5, secret, 16 );
00441 md5_update( &md5, padding, 48 );
00442 md5_update( &md5, buf + len, 16 );
00443 md5_finish( &md5, buf + len );
00444 }
00445
00446 static void ssl_mac_sha1( unsigned char *secret,
00447 unsigned char *buf, int len,
00448 unsigned char *ctr, int type )
00449 {
00450 unsigned char header[11];
00451 unsigned char padding[40];
00452 sha1_context sha1;
00453
00454 memcpy( header, ctr, 8 );
00455 header[ 8] = (unsigned char) type;
00456 header[ 9] = (unsigned char)( len >> 8 );
00457 header[10] = (unsigned char)( len );
00458
00459 memset( padding, 0x36, 40 );
00460 sha1_starts( &sha1 );
00461 sha1_update( &sha1, secret, 20 );
00462 sha1_update( &sha1, padding, 40 );
00463 sha1_update( &sha1, header, 11 );
00464 sha1_update( &sha1, buf, len );
00465 sha1_finish( &sha1, buf + len );
00466
00467 memset( padding, 0x5C, 40 );
00468 sha1_starts( &sha1 );
00469 sha1_update( &sha1, secret, 20 );
00470 sha1_update( &sha1, padding, 40 );
00471 sha1_update( &sha1, buf + len, 20 );
00472 sha1_finish( &sha1, buf + len );
00473 }
00474
00475
00476
00477
00478 static int ssl_encrypt_buf( ssl_context *ssl )
00479 {
00480 int i, padlen;
00481
00482 SSL_DEBUG_MSG( 2, ( "=> encrypt buf" ) );
00483
00484
00485
00486
00487 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00488 {
00489 if( ssl->maclen == 16 )
00490 ssl_mac_md5( ssl->mac_enc,
00491 ssl->out_msg, ssl->out_msglen,
00492 ssl->out_ctr, ssl->out_msgtype );
00493
00494 if( ssl->maclen == 20 )
00495 ssl_mac_sha1( ssl->mac_enc,
00496 ssl->out_msg, ssl->out_msglen,
00497 ssl->out_ctr, ssl->out_msgtype );
00498 }
00499 else
00500 {
00501 if( ssl->maclen == 16 )
00502 md5_hmac( ssl->mac_enc, 16,
00503 ssl->out_ctr, ssl->out_msglen + 13,
00504 ssl->out_msg + ssl->out_msglen );
00505
00506 if( ssl->maclen == 20 )
00507 sha1_hmac( ssl->mac_enc, 20,
00508 ssl->out_ctr, ssl->out_msglen + 13,
00509 ssl->out_msg + ssl->out_msglen );
00510 }
00511
00512 SSL_DEBUG_BUF( 4, "computed mac",
00513 ssl->out_msg + ssl->out_msglen, ssl->maclen );
00514
00515 ssl->out_msglen += ssl->maclen;
00516
00517 for( i = 7; i >= 0; i-- )
00518 if( ++ssl->out_ctr[i] != 0 )
00519 break;
00520
00521 if( ssl->ivlen == 0 )
00522 {
00523 #if defined(POLARSSL_ARC4_C)
00524 padlen = 0;
00525
00526 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
00527 "including %d bytes of padding",
00528 ssl->out_msglen, 0 ) );
00529
00530 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
00531 ssl->out_msg, ssl->out_msglen );
00532
00533 arc4_crypt( (arc4_context *) ssl->ctx_enc,
00534 ssl->out_msg, ssl->out_msglen );
00535 #else
00536 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00537 #endif
00538 }
00539 else
00540 {
00541 padlen = ssl->ivlen - ( ssl->out_msglen + 1 ) % ssl->ivlen;
00542 if( padlen == ssl->ivlen )
00543 padlen = 0;
00544
00545 for( i = 0; i <= padlen; i++ )
00546 ssl->out_msg[ssl->out_msglen + i] = (unsigned char) padlen;
00547
00548 ssl->out_msglen += padlen + 1;
00549
00550 SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
00551 "including %d bytes of padding",
00552 ssl->out_msglen, padlen + 1 ) );
00553
00554 SSL_DEBUG_BUF( 4, "before encrypt: output payload",
00555 ssl->out_msg, ssl->out_msglen );
00556
00557 switch( ssl->ivlen )
00558 {
00559 case 8:
00560 #if defined(POLARSSL_DES_C)
00561 des3_crypt_cbc( (des3_context *) ssl->ctx_enc,
00562 DES_ENCRYPT, ssl->out_msglen,
00563 ssl->iv_enc, ssl->out_msg, ssl->out_msg );
00564 break;
00565 #endif
00566
00567 case 16:
00568 #if defined(POLARSSL_AES_C)
00569 if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
00570 ssl->session->cipher == SSL_RSA_AES_256_SHA ||
00571 ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
00572 {
00573 aes_crypt_cbc( (aes_context *) ssl->ctx_enc,
00574 AES_ENCRYPT, ssl->out_msglen,
00575 ssl->iv_enc, ssl->out_msg, ssl->out_msg );
00576 break;
00577 }
00578 #endif
00579
00580 #if defined(POLARSSL_CAMELLIA_C)
00581 if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
00582 ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
00583 ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
00584 {
00585 camellia_crypt_cbc( (camellia_context *) ssl->ctx_enc,
00586 CAMELLIA_ENCRYPT, ssl->out_msglen,
00587 ssl->iv_enc, ssl->out_msg, ssl->out_msg );
00588 break;
00589 }
00590 #endif
00591
00592 default:
00593 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00594 }
00595 }
00596
00597 SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
00598
00599 return( 0 );
00600 }
00601
00602 static int ssl_decrypt_buf( ssl_context *ssl )
00603 {
00604 int i, padlen;
00605 unsigned char tmp[20];
00606
00607 SSL_DEBUG_MSG( 2, ( "=> decrypt buf" ) );
00608
00609 if( ssl->in_msglen < ssl->minlen )
00610 {
00611 SSL_DEBUG_MSG( 1, ( "in_msglen (%d) < minlen (%d)",
00612 ssl->in_msglen, ssl->minlen ) );
00613 return( POLARSSL_ERR_SSL_INVALID_MAC );
00614 }
00615
00616 if( ssl->ivlen == 0 )
00617 {
00618 #if defined(POLARSSL_ARC4_C)
00619 padlen = 0;
00620 arc4_crypt( (arc4_context *) ssl->ctx_dec,
00621 ssl->in_msg, ssl->in_msglen );
00622 #else
00623 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00624 #endif
00625 }
00626 else
00627 {
00628
00629
00630
00631 if( ssl->in_msglen % ssl->ivlen != 0 )
00632 {
00633 SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
00634 ssl->in_msglen, ssl->ivlen ) );
00635 return( POLARSSL_ERR_SSL_INVALID_MAC );
00636 }
00637
00638 switch( ssl->ivlen )
00639 {
00640 #if defined(POLARSSL_DES_C)
00641 case 8:
00642 des3_crypt_cbc( (des3_context *) ssl->ctx_dec,
00643 DES_DECRYPT, ssl->in_msglen,
00644 ssl->iv_dec, ssl->in_msg, ssl->in_msg );
00645 break;
00646 #endif
00647
00648 case 16:
00649 #if defined(POLARSSL_AES_C)
00650 if ( ssl->session->cipher == SSL_RSA_AES_128_SHA ||
00651 ssl->session->cipher == SSL_RSA_AES_256_SHA ||
00652 ssl->session->cipher == SSL_EDH_RSA_AES_256_SHA)
00653 {
00654 aes_crypt_cbc( (aes_context *) ssl->ctx_dec,
00655 AES_DECRYPT, ssl->in_msglen,
00656 ssl->iv_dec, ssl->in_msg, ssl->in_msg );
00657 break;
00658 }
00659 #endif
00660
00661 #if defined(POLARSSL_CAMELLIA_C)
00662 if ( ssl->session->cipher == SSL_RSA_CAMELLIA_128_SHA ||
00663 ssl->session->cipher == SSL_RSA_CAMELLIA_256_SHA ||
00664 ssl->session->cipher == SSL_EDH_RSA_CAMELLIA_256_SHA)
00665 {
00666 camellia_crypt_cbc( (camellia_context *) ssl->ctx_dec,
00667 CAMELLIA_DECRYPT, ssl->in_msglen,
00668 ssl->iv_dec, ssl->in_msg, ssl->in_msg );
00669 break;
00670 }
00671 #endif
00672
00673 default:
00674 return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
00675 }
00676
00677 padlen = 1 + ssl->in_msg[ssl->in_msglen - 1];
00678
00679 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00680 {
00681 if( padlen > ssl->ivlen )
00682 {
00683 SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
00684 "should be no more than %d",
00685 padlen, ssl->ivlen ) );
00686 padlen = 0;
00687 }
00688 }
00689 else
00690 {
00691
00692
00693
00694 for( i = 1; i <= padlen; i++ )
00695 {
00696 if( ssl->in_msg[ssl->in_msglen - i] != padlen - 1 )
00697 {
00698 SSL_DEBUG_MSG( 1, ( "bad padding byte: should be "
00699 "%02x, but is %02x", padlen - 1,
00700 ssl->in_msg[ssl->in_msglen - i] ) );
00701 padlen = 0;
00702 }
00703 }
00704 }
00705 }
00706
00707 SSL_DEBUG_BUF( 4, "raw buffer after decryption",
00708 ssl->in_msg, ssl->in_msglen );
00709
00710
00711
00712
00713 ssl->in_msglen -= ( ssl->maclen + padlen );
00714
00715 ssl->in_hdr[3] = (unsigned char)( ssl->in_msglen >> 8 );
00716 ssl->in_hdr[4] = (unsigned char)( ssl->in_msglen );
00717
00718 memcpy( tmp, ssl->in_msg + ssl->in_msglen, 20 );
00719
00720 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
00721 {
00722 if( ssl->maclen == 16 )
00723 ssl_mac_md5( ssl->mac_dec,
00724 ssl->in_msg, ssl->in_msglen,
00725 ssl->in_ctr, ssl->in_msgtype );
00726 else
00727 ssl_mac_sha1( ssl->mac_dec,
00728 ssl->in_msg, ssl->in_msglen,
00729 ssl->in_ctr, ssl->in_msgtype );
00730 }
00731 else
00732 {
00733 if( ssl->maclen == 16 )
00734 md5_hmac( ssl->mac_dec, 16,
00735 ssl->in_ctr, ssl->in_msglen + 13,
00736 ssl->in_msg + ssl->in_msglen );
00737 else
00738 sha1_hmac( ssl->mac_dec, 20,
00739 ssl->in_ctr, ssl->in_msglen + 13,
00740 ssl->in_msg + ssl->in_msglen );
00741 }
00742
00743 SSL_DEBUG_BUF( 4, "message mac", tmp, ssl->maclen );
00744 SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
00745 ssl->maclen );
00746
00747 if( memcmp( tmp, ssl->in_msg + ssl->in_msglen,
00748 ssl->maclen ) != 0 )
00749 {
00750 SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
00751 return( POLARSSL_ERR_SSL_INVALID_MAC );
00752 }
00753
00754
00755
00756
00757
00758 if( ssl->ivlen != 0 && padlen == 0 )
00759 return( POLARSSL_ERR_SSL_INVALID_MAC );
00760
00761 if( ssl->in_msglen == 0 )
00762 {
00763 ssl->nb_zero++;
00764
00765
00766
00767
00768
00769 if( ssl->nb_zero > 3 )
00770 {
00771 SSL_DEBUG_MSG( 1, ( "received four consecutive empty "
00772 "messages, possible DoS attack" ) );
00773 return( POLARSSL_ERR_SSL_INVALID_MAC );
00774 }
00775 }
00776 else
00777 ssl->nb_zero = 0;
00778
00779 for( i = 7; i >= 0; i-- )
00780 if( ++ssl->in_ctr[i] != 0 )
00781 break;
00782
00783 SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
00784
00785 return( 0 );
00786 }
00787
00788
00789
00790
00791 int ssl_fetch_input( ssl_context *ssl, int nb_want )
00792 {
00793 int ret, len;
00794
00795 SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
00796
00797 while( ssl->in_left < nb_want )
00798 {
00799 len = nb_want - ssl->in_left;
00800 ret = ssl->f_recv( ssl->p_recv, ssl->in_hdr + ssl->in_left, len );
00801
00802 SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
00803 ssl->in_left, nb_want ) );
00804 SSL_DEBUG_RET( 2, "ssl->f_recv", ret );
00805
00806 if( ret < 0 )
00807 return( ret );
00808
00809 ssl->in_left += ret;
00810 }
00811
00812 SSL_DEBUG_MSG( 2, ( "<= fetch input" ) );
00813
00814 return( 0 );
00815 }
00816
00817
00818
00819
00820 int ssl_flush_output( ssl_context *ssl )
00821 {
00822 int ret;
00823 unsigned char *buf;
00824
00825 SSL_DEBUG_MSG( 2, ( "=> flush output" ) );
00826
00827 while( ssl->out_left > 0 )
00828 {
00829 SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
00830 5 + ssl->out_msglen, ssl->out_left ) );
00831
00832 buf = ssl->out_hdr + 5 + ssl->out_msglen - ssl->out_left;
00833 ret = ssl->f_send( ssl->p_send, buf, ssl->out_left );
00834 SSL_DEBUG_RET( 2, "ssl->f_send", ret );
00835
00836 if( ret <= 0 )
00837 return( ret );
00838
00839 ssl->out_left -= ret;
00840 }
00841
00842 SSL_DEBUG_MSG( 2, ( "<= flush output" ) );
00843
00844 return( 0 );
00845 }
00846
00847
00848
00849
00850 int ssl_write_record( ssl_context *ssl )
00851 {
00852 int ret, len = ssl->out_msglen;
00853
00854 SSL_DEBUG_MSG( 2, ( "=> write record" ) );
00855
00856 ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
00857 ssl->out_hdr[1] = (unsigned char) ssl->major_ver;
00858 ssl->out_hdr[2] = (unsigned char) ssl->minor_ver;
00859 ssl->out_hdr[3] = (unsigned char)( len >> 8 );
00860 ssl->out_hdr[4] = (unsigned char)( len );
00861
00862 if( ssl->out_msgtype == SSL_MSG_HANDSHAKE )
00863 {
00864 ssl->out_msg[1] = (unsigned char)( ( len - 4 ) >> 16 );
00865 ssl->out_msg[2] = (unsigned char)( ( len - 4 ) >> 8 );
00866 ssl->out_msg[3] = (unsigned char)( ( len - 4 ) );
00867
00868 md5_update( &ssl->fin_md5 , ssl->out_msg, len );
00869 sha1_update( &ssl->fin_sha1, ssl->out_msg, len );
00870 }
00871
00872 if( ssl->do_crypt != 0 )
00873 {
00874 if( ( ret = ssl_encrypt_buf( ssl ) ) != 0 )
00875 {
00876 SSL_DEBUG_RET( 1, "ssl_encrypt_buf", ret );
00877 return( ret );
00878 }
00879
00880 len = ssl->out_msglen;
00881 ssl->out_hdr[3] = (unsigned char)( len >> 8 );
00882 ssl->out_hdr[4] = (unsigned char)( len );
00883 }
00884
00885 ssl->out_left = 5 + ssl->out_msglen;
00886
00887 SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
00888 "version = [%d:%d], msglen = %d",
00889 ssl->out_hdr[0], ssl->out_hdr[1], ssl->out_hdr[2],
00890 ( ssl->out_hdr[3] << 8 ) | ssl->out_hdr[4] ) );
00891
00892 SSL_DEBUG_BUF( 4, "output record sent to network",
00893 ssl->out_hdr, 5 + ssl->out_msglen );
00894
00895 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
00896 {
00897 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
00898 return( ret );
00899 }
00900
00901 SSL_DEBUG_MSG( 2, ( "<= write record" ) );
00902
00903 return( 0 );
00904 }
00905
00906 int ssl_read_record( ssl_context *ssl )
00907 {
00908 int ret;
00909
00910 SSL_DEBUG_MSG( 2, ( "=> read record" ) );
00911
00912 if( ssl->in_hslen != 0 &&
00913 ssl->in_hslen < ssl->in_msglen )
00914 {
00915
00916
00917
00918 ssl->in_msglen -= ssl->in_hslen;
00919
00920 memcpy( ssl->in_msg, ssl->in_msg + ssl->in_hslen,
00921 ssl->in_msglen );
00922
00923 ssl->in_hslen = 4;
00924 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
00925
00926 SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
00927 " %d, type = %d, hslen = %d",
00928 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
00929
00930 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
00931 {
00932 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
00933 return( POLARSSL_ERR_SSL_INVALID_RECORD );
00934 }
00935
00936 if( ssl->in_msglen < ssl->in_hslen )
00937 {
00938 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
00939 return( POLARSSL_ERR_SSL_INVALID_RECORD );
00940 }
00941
00942 md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen );
00943 sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen );
00944
00945 return( 0 );
00946 }
00947
00948 ssl->in_hslen = 0;
00949
00950
00951
00952
00953 if( ( ret = ssl_fetch_input( ssl, 5 ) ) != 0 )
00954 {
00955 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
00956 return( ret );
00957 }
00958
00959 ssl->in_msgtype = ssl->in_hdr[0];
00960 ssl->in_msglen = ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4];
00961
00962 SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
00963 "version = [%d:%d], msglen = %d",
00964 ssl->in_hdr[0], ssl->in_hdr[1], ssl->in_hdr[2],
00965 ( ssl->in_hdr[3] << 8 ) | ssl->in_hdr[4] ) );
00966
00967 if( ssl->in_hdr[1] != ssl->major_ver )
00968 {
00969 SSL_DEBUG_MSG( 1, ( "major version mismatch" ) );
00970 return( POLARSSL_ERR_SSL_INVALID_RECORD );
00971 }
00972
00973 if( ssl->in_hdr[2] != SSL_MINOR_VERSION_0 &&
00974 ssl->in_hdr[2] != SSL_MINOR_VERSION_1 )
00975 {
00976 SSL_DEBUG_MSG( 1, ( "minor version mismatch" ) );
00977 return( POLARSSL_ERR_SSL_INVALID_RECORD );
00978 }
00979
00980
00981
00982
00983 if( ssl->do_crypt == 0 )
00984 {
00985 if( ssl->in_msglen < 1 ||
00986 ssl->in_msglen > SSL_MAX_CONTENT_LEN )
00987 {
00988 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
00989 return( POLARSSL_ERR_SSL_INVALID_RECORD );
00990 }
00991 }
00992 else
00993 {
00994 if( ssl->in_msglen < ssl->minlen )
00995 {
00996 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
00997 return( POLARSSL_ERR_SSL_INVALID_RECORD );
00998 }
00999
01000 if( ssl->minor_ver == SSL_MINOR_VERSION_0 &&
01001 ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN )
01002 {
01003 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
01004 return( POLARSSL_ERR_SSL_INVALID_RECORD );
01005 }
01006
01007
01008
01009
01010 if( ssl->minor_ver == SSL_MINOR_VERSION_1 &&
01011 ssl->in_msglen > ssl->minlen + SSL_MAX_CONTENT_LEN + 256 )
01012 {
01013 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
01014 return( POLARSSL_ERR_SSL_INVALID_RECORD );
01015 }
01016 }
01017
01018
01019
01020
01021 if( ( ret = ssl_fetch_input( ssl, 5 + ssl->in_msglen ) ) != 0 )
01022 {
01023 SSL_DEBUG_RET( 1, "ssl_fetch_input", ret );
01024 return( ret );
01025 }
01026
01027 SSL_DEBUG_BUF( 4, "input record from network",
01028 ssl->in_hdr, 5 + ssl->in_msglen );
01029
01030 if( ssl->do_crypt != 0 )
01031 {
01032 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
01033 {
01034 SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
01035 return( ret );
01036 }
01037
01038 SSL_DEBUG_BUF( 4, "input payload after decrypt",
01039 ssl->in_msg, ssl->in_msglen );
01040
01041 if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
01042 {
01043 SSL_DEBUG_MSG( 1, ( "bad message length" ) );
01044 return( POLARSSL_ERR_SSL_INVALID_RECORD );
01045 }
01046 }
01047
01048 if( ssl->in_msgtype == SSL_MSG_HANDSHAKE )
01049 {
01050 ssl->in_hslen = 4;
01051 ssl->in_hslen += ( ssl->in_msg[2] << 8 ) | ssl->in_msg[3];
01052
01053 SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
01054 " %d, type = %d, hslen = %d",
01055 ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
01056
01057
01058
01059
01060 if( ssl->in_msglen < 4 || ssl->in_msg[1] != 0 )
01061 {
01062 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
01063 return( POLARSSL_ERR_SSL_INVALID_RECORD );
01064 }
01065
01066 if( ssl->in_msglen < ssl->in_hslen )
01067 {
01068 SSL_DEBUG_MSG( 1, ( "bad handshake length" ) );
01069 return( POLARSSL_ERR_SSL_INVALID_RECORD );
01070 }
01071
01072 md5_update( &ssl->fin_md5 , ssl->in_msg, ssl->in_hslen );
01073 sha1_update( &ssl->fin_sha1, ssl->in_msg, ssl->in_hslen );
01074 }
01075
01076 if( ssl->in_msgtype == SSL_MSG_ALERT )
01077 {
01078 SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
01079 ssl->in_msg[0], ssl->in_msg[1] ) );
01080
01081
01082
01083
01084 if( ssl->in_msg[0] == SSL_ALERT_FATAL )
01085 {
01086 SSL_DEBUG_MSG( 1, ( "is a fatal alert message" ) );
01087 return( POLARSSL_ERR_SSL_FATAL_ALERT_MESSAGE | ssl->in_msg[1] );
01088 }
01089
01090 if( ssl->in_msg[0] == SSL_ALERT_WARNING &&
01091 ssl->in_msg[1] == SSL_ALERT_CLOSE_NOTIFY )
01092 {
01093 SSL_DEBUG_MSG( 2, ( "is a close notify message" ) );
01094 return( POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY );
01095 }
01096 }
01097
01098 ssl->in_left = 0;
01099
01100 SSL_DEBUG_MSG( 2, ( "<= read record" ) );
01101
01102 return( 0 );
01103 }
01104
01105
01106
01107
01108 int ssl_write_certificate( ssl_context *ssl )
01109 {
01110 int ret, i, n;
01111 x509_cert *crt;
01112
01113 SSL_DEBUG_MSG( 2, ( "=> write certificate" ) );
01114
01115 if( ssl->endpoint == SSL_IS_CLIENT )
01116 {
01117 if( ssl->client_auth == 0 )
01118 {
01119 SSL_DEBUG_MSG( 2, ( "<= skip write certificate" ) );
01120 ssl->state++;
01121 return( 0 );
01122 }
01123
01124
01125
01126
01127
01128 if( ssl->own_cert == NULL &&
01129 ssl->minor_ver == SSL_MINOR_VERSION_0 )
01130 {
01131 ssl->out_msglen = 2;
01132 ssl->out_msgtype = SSL_MSG_ALERT;
01133 ssl->out_msg[0] = SSL_ALERT_WARNING;
01134 ssl->out_msg[1] = SSL_ALERT_NO_CERTIFICATE;
01135
01136 SSL_DEBUG_MSG( 2, ( "got no certificate to send" ) );
01137 goto write_msg;
01138 }
01139 }
01140 else
01141 {
01142 if( ssl->own_cert == NULL )
01143 {
01144 SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) );
01145 return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
01146 }
01147 }
01148
01149 SSL_DEBUG_CRT( 3, "own certificate", ssl->own_cert );
01150
01151
01152
01153
01154
01155
01156
01157
01158
01159
01160 i = 7;
01161 crt = ssl->own_cert;
01162
01163 while( crt != NULL && crt->next != NULL )
01164 {
01165 n = crt->raw.len;
01166 if( i + 3 + n > SSL_MAX_CONTENT_LEN )
01167 {
01168 SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
01169 i + 3 + n, SSL_MAX_CONTENT_LEN ) );
01170 return( POLARSSL_ERR_SSL_CERTIFICATE_TOO_LARGE );
01171 }
01172
01173 ssl->out_msg[i ] = (unsigned char)( n >> 16 );
01174 ssl->out_msg[i + 1] = (unsigned char)( n >> 8 );
01175 ssl->out_msg[i + 2] = (unsigned char)( n );
01176
01177 i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
01178 i += n; crt = crt->next;
01179 }
01180
01181 ssl->out_msg[4] = (unsigned char)( ( i - 7 ) >> 16 );
01182 ssl->out_msg[5] = (unsigned char)( ( i - 7 ) >> 8 );
01183 ssl->out_msg[6] = (unsigned char)( ( i - 7 ) );
01184
01185 ssl->out_msglen = i;
01186 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
01187 ssl->out_msg[0] = SSL_HS_CERTIFICATE;
01188
01189 write_msg:
01190
01191 ssl->state++;
01192
01193 if( ( ret = ssl_write_record( ssl ) ) != 0 )
01194 {
01195 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
01196 return( ret );
01197 }
01198
01199 SSL_DEBUG_MSG( 2, ( "<= write certificate" ) );
01200
01201 return( 0 );
01202 }
01203
01204 int ssl_parse_certificate( ssl_context *ssl )
01205 {
01206 int ret, i, n;
01207
01208 SSL_DEBUG_MSG( 2, ( "=> parse certificate" ) );
01209
01210 if( ssl->endpoint == SSL_IS_SERVER &&
01211 ssl->authmode == SSL_VERIFY_NONE )
01212 {
01213 SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
01214 ssl->state++;
01215 return( 0 );
01216 }
01217
01218 if( ( ret = ssl_read_record( ssl ) ) != 0 )
01219 {
01220 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
01221 return( ret );
01222 }
01223
01224 ssl->state++;
01225
01226
01227
01228
01229 if( ssl->endpoint == SSL_IS_SERVER &&
01230 ssl->minor_ver == SSL_MINOR_VERSION_0 )
01231 {
01232 if( ssl->in_msglen == 2 &&
01233 ssl->in_msgtype == SSL_MSG_ALERT &&
01234 ssl->in_msg[0] == SSL_ALERT_WARNING &&
01235 ssl->in_msg[1] == SSL_ALERT_NO_CERTIFICATE )
01236 {
01237 SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
01238
01239 if( ssl->authmode == SSL_VERIFY_OPTIONAL )
01240 return( 0 );
01241 else
01242 return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
01243 }
01244 }
01245
01246 if( ssl->endpoint == SSL_IS_SERVER &&
01247 ssl->minor_ver != SSL_MINOR_VERSION_0 )
01248 {
01249 if( ssl->in_hslen == 7 &&
01250 ssl->in_msgtype == SSL_MSG_HANDSHAKE &&
01251 ssl->in_msg[0] == SSL_HS_CERTIFICATE &&
01252 memcmp( ssl->in_msg + 4, "\0\0\0", 3 ) == 0 )
01253 {
01254 SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
01255
01256 if( ssl->authmode == SSL_VERIFY_REQUIRED )
01257 return( POLARSSL_ERR_SSL_NO_CLIENT_CERTIFICATE );
01258 else
01259 return( 0 );
01260 }
01261 }
01262
01263 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
01264 {
01265 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
01266 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
01267 }
01268
01269 if( ssl->in_msg[0] != SSL_HS_CERTIFICATE || ssl->in_hslen < 10 )
01270 {
01271 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
01272 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
01273 }
01274
01275
01276
01277
01278 n = ( ssl->in_msg[5] << 8 ) | ssl->in_msg[6];
01279
01280 if( ssl->in_msg[4] != 0 || ssl->in_hslen != 7 + n )
01281 {
01282 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
01283 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
01284 }
01285
01286 if( ( ssl->peer_cert = (x509_cert *) malloc(
01287 sizeof( x509_cert ) ) ) == NULL )
01288 {
01289 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
01290 sizeof( x509_cert ) ) );
01291 return( 1 );
01292 }
01293
01294 memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
01295
01296 i = 7;
01297
01298 while( i < ssl->in_hslen )
01299 {
01300 if( ssl->in_msg[i] != 0 )
01301 {
01302 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
01303 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
01304 }
01305
01306 n = ( (unsigned int) ssl->in_msg[i + 1] << 8 )
01307 | (unsigned int) ssl->in_msg[i + 2];
01308 i += 3;
01309
01310 if( n < 128 || i + n > ssl->in_hslen )
01311 {
01312 SSL_DEBUG_MSG( 1, ( "bad certificate message" ) );
01313 return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
01314 }
01315
01316 ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
01317 if( ret != 0 )
01318 {
01319 SSL_DEBUG_RET( 1, " x509parse_crt", ret );
01320 return( ret );
01321 }
01322
01323 i += n;
01324 }
01325
01326 SSL_DEBUG_CRT( 3, "peer certificate", ssl->peer_cert );
01327
01328 if( ssl->authmode != SSL_VERIFY_NONE )
01329 {
01330 if( ssl->ca_chain == NULL )
01331 {
01332 SSL_DEBUG_MSG( 1, ( "got no CA chain" ) );
01333 return( POLARSSL_ERR_SSL_CA_CHAIN_REQUIRED );
01334 }
01335
01336 ret = x509parse_verify( ssl->peer_cert, ssl->ca_chain, ssl->ca_crl,
01337 ssl->peer_cn, &ssl->verify_result );
01338
01339 if( ret != 0 )
01340 SSL_DEBUG_RET( 1, "x509_verify_cert", ret );
01341
01342 if( ssl->authmode != SSL_VERIFY_REQUIRED )
01343 ret = 0;
01344 }
01345
01346 SSL_DEBUG_MSG( 2, ( "<= parse certificate" ) );
01347
01348 return( ret );
01349 }
01350
01351 int ssl_write_change_cipher_spec( ssl_context *ssl )
01352 {
01353 int ret;
01354
01355 SSL_DEBUG_MSG( 2, ( "=> write change cipher spec" ) );
01356
01357 ssl->out_msgtype = SSL_MSG_CHANGE_CIPHER_SPEC;
01358 ssl->out_msglen = 1;
01359 ssl->out_msg[0] = 1;
01360
01361 ssl->do_crypt = 0;
01362 ssl->state++;
01363
01364 if( ( ret = ssl_write_record( ssl ) ) != 0 )
01365 {
01366 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
01367 return( ret );
01368 }
01369
01370 SSL_DEBUG_MSG( 2, ( "<= write change cipher spec" ) );
01371
01372 return( 0 );
01373 }
01374
01375 int ssl_parse_change_cipher_spec( ssl_context *ssl )
01376 {
01377 int ret;
01378
01379 SSL_DEBUG_MSG( 2, ( "=> parse change cipher spec" ) );
01380
01381 ssl->do_crypt = 0;
01382
01383 if( ( ret = ssl_read_record( ssl ) ) != 0 )
01384 {
01385 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
01386 return( ret );
01387 }
01388
01389 if( ssl->in_msgtype != SSL_MSG_CHANGE_CIPHER_SPEC )
01390 {
01391 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
01392 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
01393 }
01394
01395 if( ssl->in_msglen != 1 || ssl->in_msg[0] != 1 )
01396 {
01397 SSL_DEBUG_MSG( 1, ( "bad change cipher spec message" ) );
01398 return( POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC );
01399 }
01400
01401 ssl->state++;
01402
01403 SSL_DEBUG_MSG( 2, ( "<= parse change cipher spec" ) );
01404
01405 return( 0 );
01406 }
01407
01408 static void ssl_calc_finished(
01409 ssl_context *ssl, unsigned char *buf, int from,
01410 md5_context *md5, sha1_context *sha1 )
01411 {
01412 int len = 12;
01413 char *sender;
01414 unsigned char padbuf[48];
01415 unsigned char md5sum[16];
01416 unsigned char sha1sum[20];
01417
01418 SSL_DEBUG_MSG( 2, ( "=> calc finished" ) );
01419
01420
01421
01422
01423
01424
01425
01426
01427
01428
01429
01430
01431
01432
01433 SSL_DEBUG_BUF( 4, "finished md5 state", (unsigned char *)
01434 md5->state, sizeof( md5->state ) );
01435
01436 SSL_DEBUG_BUF( 4, "finished sha1 state", (unsigned char *)
01437 sha1->state, sizeof( sha1->state ) );
01438
01439 if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
01440 {
01441 sender = ( from == SSL_IS_CLIENT ) ? (char *) "CLNT"
01442 : (char *) "SRVR";
01443
01444 memset( padbuf, 0x36, 48 );
01445
01446 md5_update( md5, (unsigned char *) sender, 4 );
01447 md5_update( md5, ssl->session->master, 48 );
01448 md5_update( md5, padbuf, 48 );
01449 md5_finish( md5, md5sum );
01450
01451 sha1_update( sha1, (unsigned char *) sender, 4 );
01452 sha1_update( sha1, ssl->session->master, 48 );
01453 sha1_update( sha1, padbuf, 40 );
01454 sha1_finish( sha1, sha1sum );
01455
01456 memset( padbuf, 0x5C, 48 );
01457
01458 md5_starts( md5 );
01459 md5_update( md5, ssl->session->master, 48 );
01460 md5_update( md5, padbuf, 48 );
01461 md5_update( md5, md5sum, 16 );
01462 md5_finish( md5, buf );
01463
01464 sha1_starts( sha1 );
01465 sha1_update( sha1, ssl->session->master, 48 );
01466 sha1_update( sha1, padbuf , 40 );
01467 sha1_update( sha1, sha1sum, 20 );
01468 sha1_finish( sha1, buf + 16 );
01469
01470 len += 24;
01471 }
01472 else
01473 {
01474 sender = ( from == SSL_IS_CLIENT )
01475 ? (char *) "client finished"
01476 : (char *) "server finished";
01477
01478 md5_finish( md5, padbuf );
01479 sha1_finish( sha1, padbuf + 16 );
01480
01481 tls1_prf( ssl->session->master, 48, sender,
01482 padbuf, 36, buf, len );
01483 }
01484
01485 SSL_DEBUG_BUF( 3, "calc finished result", buf, len );
01486
01487 memset( md5, 0, sizeof( md5_context ) );
01488 memset( sha1, 0, sizeof( sha1_context ) );
01489
01490 memset( padbuf, 0, sizeof( padbuf ) );
01491 memset( md5sum, 0, sizeof( md5sum ) );
01492 memset( sha1sum, 0, sizeof( sha1sum ) );
01493
01494 SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
01495 }
01496
01497 int ssl_write_finished( ssl_context *ssl )
01498 {
01499 int ret, hash_len;
01500 md5_context md5;
01501 sha1_context sha1;
01502
01503 SSL_DEBUG_MSG( 2, ( "=> write finished" ) );
01504
01505 memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) );
01506 memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) );
01507
01508 ssl_calc_finished( ssl, ssl->out_msg + 4,
01509 ssl->endpoint, &md5, &sha1 );
01510
01511 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
01512
01513 ssl->out_msglen = 4 + hash_len;
01514 ssl->out_msgtype = SSL_MSG_HANDSHAKE;
01515 ssl->out_msg[0] = SSL_HS_FINISHED;
01516
01517
01518
01519
01520
01521 if( ssl->resume != 0 )
01522 {
01523 if( ssl->endpoint == SSL_IS_CLIENT )
01524 ssl->state = SSL_HANDSHAKE_OVER;
01525 else
01526 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
01527 }
01528 else
01529 ssl->state++;
01530
01531 ssl->do_crypt = 1;
01532
01533 if( ( ret = ssl_write_record( ssl ) ) != 0 )
01534 {
01535 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
01536 return( ret );
01537 }
01538
01539 SSL_DEBUG_MSG( 2, ( "<= write finished" ) );
01540
01541 return( 0 );
01542 }
01543
01544 int ssl_parse_finished( ssl_context *ssl )
01545 {
01546 int ret, hash_len;
01547 md5_context md5;
01548 sha1_context sha1;
01549 unsigned char buf[36];
01550
01551 SSL_DEBUG_MSG( 2, ( "=> parse finished" ) );
01552
01553 memcpy( &md5 , &ssl->fin_md5 , sizeof( md5_context ) );
01554 memcpy( &sha1, &ssl->fin_sha1, sizeof( sha1_context ) );
01555
01556 ssl->do_crypt = 1;
01557
01558 if( ( ret = ssl_read_record( ssl ) ) != 0 )
01559 {
01560 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
01561 return( ret );
01562 }
01563
01564 if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
01565 {
01566 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
01567 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
01568 }
01569
01570 hash_len = ( ssl->minor_ver == SSL_MINOR_VERSION_0 ) ? 36 : 12;
01571
01572 if( ssl->in_msg[0] != SSL_HS_FINISHED ||
01573 ssl->in_hslen != 4 + hash_len )
01574 {
01575 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
01576 return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
01577 }
01578
01579 ssl_calc_finished( ssl, buf, ssl->endpoint ^ 1, &md5, &sha1 );
01580
01581 if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
01582 {
01583 SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
01584 return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
01585 }
01586
01587 if( ssl->resume != 0 )
01588 {
01589 if( ssl->endpoint == SSL_IS_CLIENT )
01590 ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
01591
01592 if( ssl->endpoint == SSL_IS_SERVER )
01593 ssl->state = SSL_HANDSHAKE_OVER;
01594 }
01595 else
01596 ssl->state++;
01597
01598 SSL_DEBUG_MSG( 2, ( "<= parse finished" ) );
01599
01600 return( 0 );
01601 }
01602
01603
01604
01605
01606 int ssl_init( ssl_context *ssl )
01607 {
01608 int len = SSL_BUFFER_LEN;
01609
01610 memset( ssl, 0, sizeof( ssl_context ) );
01611
01612 ssl->in_ctr = (unsigned char *) malloc( len );
01613 ssl->in_hdr = ssl->in_ctr + 8;
01614 ssl->in_msg = ssl->in_ctr + 13;
01615
01616 if( ssl->in_ctr == NULL )
01617 {
01618 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
01619 return( 1 );
01620 }
01621
01622 ssl->out_ctr = (unsigned char *) malloc( len );
01623 ssl->out_hdr = ssl->out_ctr + 8;
01624 ssl->out_msg = ssl->out_ctr + 13;
01625
01626 if( ssl->out_ctr == NULL )
01627 {
01628 SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
01629 free( ssl-> in_ctr );
01630 return( 1 );
01631 }
01632
01633 memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );
01634 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
01635
01636 ssl->hostname = NULL;
01637 ssl->hostname_len = 0;
01638
01639 md5_starts( &ssl->fin_md5 );
01640 sha1_starts( &ssl->fin_sha1 );
01641
01642 return( 0 );
01643 }
01644
01645
01646
01647
01648 void ssl_set_endpoint( ssl_context *ssl, int endpoint )
01649 {
01650 ssl->endpoint = endpoint;
01651 }
01652
01653 void ssl_set_authmode( ssl_context *ssl, int authmode )
01654 {
01655 ssl->authmode = authmode;
01656 }
01657
01658 void ssl_set_rng( ssl_context *ssl,
01659 int (*f_rng)(void *),
01660 void *p_rng )
01661 {
01662 ssl->f_rng = f_rng;
01663 ssl->p_rng = p_rng;
01664 }
01665
01666 void ssl_set_dbg( ssl_context *ssl,
01667 void (*f_dbg)(void *, int, char *),
01668 void *p_dbg )
01669 {
01670 ssl->f_dbg = f_dbg;
01671 ssl->p_dbg = p_dbg;
01672 }
01673
01674 void ssl_set_bio( ssl_context *ssl,
01675 int (*f_recv)(void *, unsigned char *, int), void *p_recv,
01676 int (*f_send)(void *, unsigned char *, int), void *p_send )
01677 {
01678 ssl->f_recv = f_recv;
01679 ssl->f_send = f_send;
01680 ssl->p_recv = p_recv;
01681 ssl->p_send = p_send;
01682 }
01683
01684 void ssl_set_scb( ssl_context *ssl,
01685 int (*s_get)(ssl_context *),
01686 int (*s_set)(ssl_context *) )
01687 {
01688 ssl->s_get = s_get;
01689 ssl->s_set = s_set;
01690 }
01691
01692 void ssl_set_session( ssl_context *ssl, int resume, int timeout,
01693 ssl_session *session )
01694 {
01695 ssl->resume = resume;
01696 ssl->timeout = timeout;
01697 ssl->session = session;
01698 }
01699
01700 void ssl_set_ciphers( ssl_context *ssl, int *ciphers )
01701 {
01702 ssl->ciphers = ciphers;
01703 }
01704
01705 void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain,
01706 x509_crl *ca_crl, char *peer_cn )
01707 {
01708 ssl->ca_chain = ca_chain;
01709 ssl->ca_crl = ca_crl;
01710 ssl->peer_cn = peer_cn;
01711 }
01712
01713 void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert,
01714 rsa_context *rsa_key )
01715 {
01716 ssl->own_cert = own_cert;
01717 ssl->rsa_key = rsa_key;
01718 }
01719
01720 int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G )
01721 {
01722 int ret;
01723
01724 if( ( ret = mpi_read_string( &ssl->dhm_ctx.P, 16, dhm_P ) ) != 0 )
01725 {
01726 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
01727 return( ret );
01728 }
01729
01730 if( ( ret = mpi_read_string( &ssl->dhm_ctx.G, 16, dhm_G ) ) != 0 )
01731 {
01732 SSL_DEBUG_RET( 1, "mpi_read_string", ret );
01733 return( ret );
01734 }
01735
01736 return( 0 );
01737 }
01738
01739 int ssl_set_hostname( ssl_context *ssl, char *hostname )
01740 {
01741 if( hostname == NULL )
01742 return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
01743
01744 ssl->hostname_len = strlen( hostname );
01745 ssl->hostname = (unsigned char *) malloc( ssl->hostname_len + 1 );
01746
01747 memcpy( ssl->hostname, (unsigned char *) hostname,
01748 ssl->hostname_len );
01749
01750 ssl->hostname[ssl->hostname_len] = '\0';
01751
01752 return( 0 );
01753 }
01754
01755
01756
01757
01758 int ssl_get_bytes_avail( ssl_context *ssl )
01759 {
01760 return( ssl->in_offt == NULL ? 0 : ssl->in_msglen );
01761 }
01762
01763 int ssl_get_verify_result( ssl_context *ssl )
01764 {
01765 return( ssl->verify_result );
01766 }
01767
01768 char *ssl_get_cipher( ssl_context *ssl )
01769 {
01770 switch( ssl->session->cipher )
01771 {
01772 #if defined(POLARSSL_ARC4_C)
01773 case SSL_RSA_RC4_128_MD5:
01774 return( "SSL_RSA_RC4_128_MD5" );
01775
01776 case SSL_RSA_RC4_128_SHA:
01777 return( "SSL_RSA_RC4_128_SHA" );
01778 #endif
01779
01780 #if defined(POLARSSL_DES_C)
01781 case SSL_RSA_DES_168_SHA:
01782 return( "SSL_RSA_DES_168_SHA" );
01783
01784 case SSL_EDH_RSA_DES_168_SHA:
01785 return( "SSL_EDH_RSA_DES_168_SHA" );
01786 #endif
01787
01788 #if defined(POLARSSL_AES_C)
01789 case SSL_RSA_AES_128_SHA:
01790 return( "SSL_RSA_AES_128_SHA" );
01791
01792 case SSL_RSA_AES_256_SHA:
01793 return( "SSL_RSA_AES_256_SHA" );
01794
01795 case SSL_EDH_RSA_AES_256_SHA:
01796 return( "SSL_EDH_RSA_AES_256_SHA" );
01797 #endif
01798
01799 #if defined(POLARSSL_CAMELLIA_C)
01800 case SSL_RSA_CAMELLIA_128_SHA:
01801 return( "SSL_RSA_CAMELLIA_128_SHA" );
01802
01803 case SSL_RSA_CAMELLIA_256_SHA:
01804 return( "SSL_RSA_CAMELLIA_256_SHA" );
01805
01806 case SSL_EDH_RSA_CAMELLIA_256_SHA:
01807 return( "SSL_EDH_RSA_CAMELLIA_256_SHA" );
01808 #endif
01809
01810 default:
01811 break;
01812 }
01813
01814 return( "unknown" );
01815 }
01816
01817 int ssl_default_ciphers[] =
01818 {
01819 #if defined(POLARSSL_DHM_C)
01820 #if defined(POLARSSL_AES_C)
01821 SSL_EDH_RSA_AES_256_SHA,
01822 #endif
01823 #if defined(POLARSSL_CAMELLIA_C)
01824 SSL_EDH_RSA_CAMELLIA_256_SHA,
01825 #endif
01826 #if defined(POLARSSL_DES_C)
01827 SSL_EDH_RSA_DES_168_SHA,
01828 #endif
01829 #endif
01830
01831 #if defined(POLARSSL_AES_C)
01832 SSL_RSA_AES_256_SHA,
01833 #endif
01834 #if defined(POLARSSL_CAMELLIA_C)
01835 SSL_RSA_CAMELLIA_256_SHA,
01836 #endif
01837 #if defined(POLARSSL_AES_C)
01838 SSL_RSA_AES_128_SHA,
01839 #endif
01840 #if defined(POLARSSL_CAMELLIA_C)
01841 SSL_RSA_CAMELLIA_128_SHA,
01842 #endif
01843 #if defined(POLARSSL_DES_C)
01844 SSL_RSA_DES_168_SHA,
01845 #endif
01846 #if defined(POLARSSL_ARC4_C)
01847 SSL_RSA_RC4_128_SHA,
01848 SSL_RSA_RC4_128_MD5,
01849 #endif
01850 0
01851 };
01852
01853
01854
01855
01856 int ssl_handshake( ssl_context *ssl )
01857 {
01858 int ret = POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE;
01859
01860 SSL_DEBUG_MSG( 2, ( "=> handshake" ) );
01861
01862 #if defined(POLARSSL_SSL_CLI_C)
01863 if( ssl->endpoint == SSL_IS_CLIENT )
01864 ret = ssl_handshake_client( ssl );
01865 #endif
01866
01867 #if defined(POLARSSL_SSL_SRV_C)
01868 if( ssl->endpoint == SSL_IS_SERVER )
01869 ret = ssl_handshake_server( ssl );
01870 #endif
01871
01872 SSL_DEBUG_MSG( 2, ( "<= handshake" ) );
01873
01874 return( ret );
01875 }
01876
01877
01878
01879
01880 int ssl_read( ssl_context *ssl, unsigned char *buf, int len )
01881 {
01882 int ret, n;
01883
01884 SSL_DEBUG_MSG( 2, ( "=> read" ) );
01885
01886 if( ssl->state != SSL_HANDSHAKE_OVER )
01887 {
01888 if( ( ret = ssl_handshake( ssl ) ) != 0 )
01889 {
01890 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
01891 return( ret );
01892 }
01893 }
01894
01895 if( ssl->in_offt == NULL )
01896 {
01897 if( ( ret = ssl_read_record( ssl ) ) != 0 )
01898 {
01899 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
01900 return( ret );
01901 }
01902
01903 if( ssl->in_msglen == 0 &&
01904 ssl->in_msgtype == SSL_MSG_APPLICATION_DATA )
01905 {
01906
01907
01908
01909 if( ( ret = ssl_read_record( ssl ) ) != 0 )
01910 {
01911 SSL_DEBUG_RET( 1, "ssl_read_record", ret );
01912 return( ret );
01913 }
01914 }
01915
01916 if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
01917 {
01918 SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
01919 return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
01920 }
01921
01922 ssl->in_offt = ssl->in_msg;
01923 }
01924
01925 n = ( len < ssl->in_msglen )
01926 ? len : ssl->in_msglen;
01927
01928 memcpy( buf, ssl->in_offt, n );
01929 ssl->in_msglen -= n;
01930
01931 if( ssl->in_msglen == 0 )
01932
01933 ssl->in_offt = NULL;
01934 else
01935
01936 ssl->in_offt += n;
01937
01938 SSL_DEBUG_MSG( 2, ( "<= read" ) );
01939
01940 return( n );
01941 }
01942
01943
01944
01945
01946 int ssl_write( ssl_context *ssl, unsigned char *buf, int len )
01947 {
01948 int ret, n;
01949
01950 SSL_DEBUG_MSG( 2, ( "=> write" ) );
01951
01952 if( ssl->state != SSL_HANDSHAKE_OVER )
01953 {
01954 if( ( ret = ssl_handshake( ssl ) ) != 0 )
01955 {
01956 SSL_DEBUG_RET( 1, "ssl_handshake", ret );
01957 return( ret );
01958 }
01959 }
01960
01961 n = ( len < SSL_MAX_CONTENT_LEN )
01962 ? len : SSL_MAX_CONTENT_LEN;
01963
01964 if( ssl->out_left != 0 )
01965 {
01966 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
01967 {
01968 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
01969 return( ret );
01970 }
01971 }
01972 else
01973 {
01974 ssl->out_msglen = n;
01975 ssl->out_msgtype = SSL_MSG_APPLICATION_DATA;
01976 memcpy( ssl->out_msg, buf, n );
01977
01978 if( ( ret = ssl_write_record( ssl ) ) != 0 )
01979 {
01980 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
01981 return( ret );
01982 }
01983 }
01984
01985 SSL_DEBUG_MSG( 2, ( "<= write" ) );
01986
01987 return( n );
01988 }
01989
01990
01991
01992
01993 int ssl_close_notify( ssl_context *ssl )
01994 {
01995 int ret;
01996
01997 SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
01998
01999 if( ( ret = ssl_flush_output( ssl ) ) != 0 )
02000 {
02001 SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
02002 return( ret );
02003 }
02004
02005 if( ssl->state == SSL_HANDSHAKE_OVER )
02006 {
02007 ssl->out_msgtype = SSL_MSG_ALERT;
02008 ssl->out_msglen = 2;
02009 ssl->out_msg[0] = SSL_ALERT_WARNING;
02010 ssl->out_msg[1] = SSL_ALERT_CLOSE_NOTIFY;
02011
02012 if( ( ret = ssl_write_record( ssl ) ) != 0 )
02013 {
02014 SSL_DEBUG_RET( 1, "ssl_write_record", ret );
02015 return( ret );
02016 }
02017 }
02018
02019 SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
02020
02021 return( ret );
02022 }
02023
02024
02025
02026
02027 void ssl_free( ssl_context *ssl )
02028 {
02029 SSL_DEBUG_MSG( 2, ( "=> free" ) );
02030
02031 if( ssl->peer_cert != NULL )
02032 {
02033 x509_free( ssl->peer_cert );
02034 memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
02035 free( ssl->peer_cert );
02036 }
02037
02038 if( ssl->out_ctr != NULL )
02039 {
02040 memset( ssl->out_ctr, 0, SSL_BUFFER_LEN );
02041 free( ssl->out_ctr );
02042 }
02043
02044 if( ssl->in_ctr != NULL )
02045 {
02046 memset( ssl->in_ctr, 0, SSL_BUFFER_LEN );
02047 free( ssl->in_ctr );
02048 }
02049
02050 #if defined(POLARSSL_DHM_C)
02051 dhm_free( &ssl->dhm_ctx );
02052 #endif
02053
02054 if ( ssl->hostname != NULL)
02055 {
02056 memset( ssl->hostname, 0, ssl->hostname_len );
02057 free( ssl->hostname );
02058 ssl->hostname_len = 0;
02059 }
02060
02061 SSL_DEBUG_MSG( 2, ( "<= free" ) );
02062
02063
02064 memset( ssl, 0, sizeof( ssl_context ) );
02065 }
02066
02067 #endif